How Secure is a Connected Car from a Cyber Threat?
With wireless technology rapidly shifting toward fifth generation (5G) capability, the connection of consumer-oriented devices to the internet will expand exponentially. One interesting application area that 5G technology enables is the furtherance of the Intelligent Transportation System (ITS) concept.1 ITS can support vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I), and infrastructure-to-vehicle (I2V) communications, thus enabling the transportation industry to begin realizing a vision supported by autonomous and semi-autonomous vehicles able to safely travel in an optimized path from an origin to a destination. In principle, ITS enables awareness of road, traffic, weather, and other conditions with a means to automatically adjust or route vehicles to safely transport occupants and goods.
Current automobiles contain a significant amount of network technology. The Controller Area Network (CAN) originated in the early 1980’s, saw its first production implementation in the BMW 8-series in 1988, and evolved into the Society of Automotive Engineers (SAE) J1583 CAN standard in 1990.2 Further, SAE developed Local Interconnect Network (LIN) J2602/1 to define requirements to enable electronic control units (ECU’s) attached to the local area network to successfully communicate and interact.3 LIN was originally developed by a consortium of automobile manufacturers to create a simple, low-speed serial network to receipt/transmission of sensor and control data to operate small motors, fans, mirrors, seats, etc., from a master control unit. Today’s automobiles have dozens have ECU’s controlling and monitoring various components within each vehicle, all communicating via vehicle networks to enable system operation and enhance the driver experience.4 With the addition of external wireless communications to provide enhanced diagnostic and condition information to the manufacturer and other original equipment manufacturers (OEM’s) and sophisticated multimedia entertainment systems, automobiles also represent a target platform to those wishing to perpetrate cybersecurity threats.
As with industrial control systems, the various network components and protocols used to exchange information within an automobile were proprietary and isolated, thus creating the illusion of a being secure. Consequently, security requirements and safeguards were minimal. Unfortunately, as system functionality has grown, more stringent security is required, more so with the advent of mobile broadband internet.5 The well-publicized hack of Chrysler’s Uconnect system to remotely control a 2014 Jeep Cherokee in July 2015 through a zero-day exploit of the vehicle’s wireless entertainment system to access the CAN and connected devices was indicative of automotive industry vulnerability.6 That hack resulted in a recall of 1.4 million Chrysler vehicles to patch software vulnerabilities. Clearly, Chrysler addressing one zero-day exploit does not mean there are no others present in software installed in the various systems used in their vehicles, and the same is true for every other manufacturer.
A more recent example of a sophisticated cyber attack occurred with Chinese hackers attacking a Tesla Model S.7 The hackers created a phony WiFi access point to mimic one that a Tesla showroom might have, “Tesla Guest,” using publicly known shared passwords from dealerships to enable auto-connection from prior Telsa Guest connections. In a Tesla, the main computer and entertainment systems are not directly connected to the CAN, but a gateway provides a connection between the entertainment system network and the CAN. Once the hackers had an open WiFi connection to the target vehicle, they used the Tesla browser to take control of the vehicle’s main computer, and overwrote gateway firmware with their own to provide access to the CAN and thus control connected devices and systems. Wired posted a video demonstrating various forms of remote actions taken with two Tesla models in his article, accessible via the following url: https://www.youtube.com/watch?v=c1XyhReNcHY.7 Interestingly, rather than just patching vulnerabilities, Tesla decided to change the security architecture employed in their vehicles to require cryptographic signatures for CAN-related firmware using keys that only Tesla would possess. This approach is analogous to that used by Apple for its devices, and demonstrates that at least some manufacturers are adopting leading cybersecurity approaches from other industries to better address a major threat to public safety.
References
- Petit, Jonathan, and Shladover, Stephen E., “Potential Cyberattacks on Automated Vehicles,” IEEE Transactions on Intelligent Transportation Systems, Vol. 16 Issue 2, 16 Sep 2014.
- J1583_199003, Control Area Network (CAN), an In-vehicle Serial Communication Protocol, Vehicle Architecture for Data Communication Standards, Society of Automotive Engineers (SAE International), 16 Mar 1990.
- J2602/1_2011 Standard, LIN Network for Vehicle Applications, Vehicle Architecture for Data Communication Standards, Society of Automotive Engineers (SAE International), 19 Nov 2012.
- Costlow, Terry, “Digging Deep for Cyber Security Solutions,” Automotive Engineering, Society of Automotive Engineers, 26 May 2015.
- Bordonali, Corrado, Ferraresi, Simone, and Richter, Wolf, “Shifting Gears in Cybersecurity for Connected Cars,” Automotive & Assembly, April 2017.
- Greenberg, Andy, “Hackers Remotely Kill a Jeep on the Highway — with Me in It,” Wired, 21 Jul 2015.
- Greenberg, Andy, “Tesla Responds to Chinese Hack with a Major Security Upgrade,” Wired, 27 Sep 2016.
Users who have LIKED this post:
6 comments on “How Secure is a Connected Car from a Cyber Threat?”
Comments are closed.
Thank you for your informative post, David. You chose a number of great examples.
Tesla responded very well to the hacks, including the way the leadership team engaged with the hackers. Two cool examples below:
1. Recognition for the hackers: Straubel credits KeenLabs’ researchers for kickstarting Tesla’s move to push out its code signing upgrade. He says Tesla will pay KeenLabs’ team a monetary reward for its work as part of company’s bug bounty program. “They did good work,” Straubel says. “They helped us find something that’s a problem we needed to fix. And that’s what we did.” https://www.wired.com/2016/09/tesla-responds-chinese-hack-major-security-upgrade/
2. JB at DefCom: Tesla CTO JB Straubel (center) speaks after Marc Rogers of Cloudflare (left) and Lookout Security CTO and co-founder Kevin Mahaffey (right) presented their research on the Tesla S at DEF CON. http://teslamag.de/news/def-con-tesla-vize-jb-4023
Thank you, Boryana, and I completely agree with your comments/additions. I was notably impressed and encourage with Tesla’s response to implement code-signing and not just the usual patches, as a couple of other manufacturers have done. Code-signing isn’t the end-all as the Stuxnet case showed, but hijacking a signature is significantly more difficult. After driving a friend’s Tesla X, it definitely got me thinking about vulnerabilities, particularly with autonomous features active.
This was a fascinating read!
https://www.wired.com/2017/04/ubers-former-top-hacker-securing-autonomous-cars-really-hard-problem/
This article emphasizes the need for the industry to bring fundamental changes to the security architecture of autonomous vehicles. Charlie Miller (ex-employee at Uber and current employee at Didi) explains that engineers must introduce “codesigning”that only allows trusted code to run using a cryptographic key. Miller also discusses the vulnerabilities of the OBD2 port (an outlet that allows access to the vehicle’s sensitive systems), which can easily be accessed by a remote attacker.
Thank you, Saif. I drove a friend’s Tesla X back in April, and we engaged the autonomous drive on a toll road that has some high overpasses and curves. I was thinking at the time that one has to really trust the security of the system to turn driving over to an autonomous system that could be getting software updates that have issues, perhaps even in real-time. It’s not a comfortable feeling. I absolutely believe that code-signing is critical, and, further, this is a fundamental design issue. As an analogy, the time to specify use of SAE 9/16″ fasteners for connecting components is before the car is built, not realizing that the SAE 1/2″ fastener originally chosen wasn’t strong enough after the manufacturer has built 3 million vehicles. A problem solved in the design and specification stages is much cheaper than addressing it in aggregate after-the-fact, as the Jeep Cherokee hack illustrates all too well.
Thank you for sharing this interesting article. The latter really helped me understand in details the hackers’ methods to take controls of a vehicle’s main computer. As the previous cyberattacks may suggest, a centralized network is outdated. Do you think the blockchain technology and its distributed network could eliminate those cyberattacks ? Is is implementable in the driverless car industry?
Another possible application of blockchain in this industry would be data sharing.
We have seen with J.B Straubel keynote how important data processing can be for autonomous vehicle.
Here is a link to a Fortune article that explains this concept in more depth:
http://fortune.com/2017/05/22/toyota-mit-blockchain-driverless-cars/
Thank you, Victor. Very interesting perspective. Blockchain is interesting to me, too, but I wonder about real-time usage across a very large population of sensors and whether the transaction load response time would be sufficient. But, given how processing power continues to grow along with network evolution, new means will be available to provide compute services. Time will tell?